The GDPR (General Data Protection Regulation) is the most important development in data protection law for decades. Its aim, when it came into effect on 25 May 2018, was to strengthen and ultimately replace the existing Data Protection Act (1998). It was designed to protect the personal data and privacy of citizens across Europe and will not be affected by the UK’s exit from the EU.
What has Capital Computer Care done to ensure compliance with GDPR?
We have taken the necessary steps across our business to ensure we comply with GDPR. We have identified what personal data we hold for our customers, why we hold it, where it is stored and for how long. We are already compliant with the Data Protection Act and our compliance with GDPR builds on this foundation.
- Directors’ approval and staff support to undertake this important work – Complete
- Audit of all areas of our business which are likely to be impacted by GDPR – Complete
- Identify all systems and locations that hold personal data to ensure we know whether that data is held, why we hold it and for how long – Complete
- Implement the changes to our internal processes and procedures required to achieve and maintain compliance with GDPR – Complete
- Ensure that all members of the business are educated and informed about GDPR and the changes that will be required by our business – Complete
- Test all of our changes thoroughly to verify and validate compliance with GDPR – Complete
- Finalise and communicate our full compliance prior to the deadline – Complete
We have reviewed our data security, privacy policies and processes to ensure that we are not only compliant but go further to ensure that your data is safe with us. Based on the research conducted both internally and externally, we are confident the measures we have introduced meet the requirements of GDPR.
Ongoing Action Plan:
- We ensure all employees are made aware when there are updates regarding GDPR.
- We regularly review our privacy notices as well as those of our third parties and suppliers to ensure they are compliant with GDPR.
- We ensure that we are able to honour the rights of individuals. If someone asks for their data, we endeavour to give it to them in a secure, standard format.
- We ensure that, if we are requested to remove someone’s data, we follow the correct procedure to do so.